Add more Kibana context to E&A Languages page #2859
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🔍 Preview links for changed docs |
benironside
approved these changes
Sep 8, 2025
| ::: | ||
|
|
||
| | **Query DSL** | {{es}}'s primary, most powerful and flexible JSON-style language for complex queries.<br><br>[Full language reference](elasticsearch://reference/query-languages/querydsl.md)| Full-text search, semantic search, keyword search, filtering, aggregations, and more. <br><br>[Query DSL in Kibana](languages/querydsl.md) |[`_search`](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-search) | | ||
| | **{{esql}}** | Introduced in **8.11**, the Elasticsearch Query Language ({{esql}}) is a piped query language for filtering, transforming, and analyzing data.<br><br>[Full language reference](elasticsearch://reference/query-languages/esql.md) | Initially tailored towards working with time series data like logs and metrics. You can use {{esql}} in multiple {{kib}} applications for querying, visualizing, and analyzing data.<br><br>[{{esql}} in Kibana](languages/esql-kibana.md) | [`_query`](https://www.elastic.co/docs/api/doc/elasticsearch/group/endpoint-esql) | |
There was a problem hiding this comment.
Maybe this is outside the scope, but what does "Initially tailored towards working with time series data like logs and metrics." mean? Is it saying that's the primary usecase?
There was a problem hiding this comment.
good catch, that's dated, I suggested deleting that phrase :)
| # Querying and filtering [search-analyze] | ||
|
|
||
| You can use {{es}} as a basic document store to retrieve documents and their metadata. However, the real power of {{es}} comes from its advanced search and analytics capabilities. | ||
| {{es}} is not only great at storing and retrieving documents and their metadata, it also offers powerful querying and analytics capabilities that let you search, filter, and analyze your data at scale. These same capabilities are available in {{kib}} applications to facilitate interactive data exploration and visualization. |
leemthompo
approved these changes
Sep 9, 2025
| ::: | ||
|
|
||
| | **Query DSL** | {{es}}'s primary, most powerful and flexible JSON-style language for complex queries.<br><br>[Full language reference](elasticsearch://reference/query-languages/querydsl.md)| Full-text search, semantic search, keyword search, filtering, aggregations, and more. <br><br>[Query DSL in Kibana](languages/querydsl.md) |[`_search`](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-search) | | ||
| | **{{esql}}** | Introduced in **8.11**, the Elasticsearch Query Language ({{esql}}) is a piped query language for filtering, transforming, and analyzing data.<br><br>[Full language reference](elasticsearch://reference/query-languages/esql.md) | Initially tailored towards working with time series data like logs and metrics. You can use {{esql}} in multiple {{kib}} applications for querying, visualizing, and analyzing data.<br><br>[{{esql}} in Kibana](languages/esql-kibana.md) | [`_query`](https://www.elastic.co/docs/api/doc/elasticsearch/group/endpoint-esql) | |
There was a problem hiding this comment.
good catch, that's dated, I suggested deleting that phrase :)
| | **Query DSL** | {{es}}'s primary, most powerful and flexible JSON-style language for complex queries.<br><br>[Full language reference](elasticsearch://reference/query-languages/querydsl.md)| Full-text search, semantic search, keyword search, filtering, aggregations, and more. <br><br>[Query DSL in Kibana](languages/querydsl.md) |[`_search`](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-search) | | ||
| | **{{esql}}** | Introduced in **8.11**, the Elasticsearch Query Language ({{esql}}) is a piped query language for filtering, transforming, and analyzing data.<br><br>[Full language reference](elasticsearch://reference/query-languages/esql.md) | Initially tailored towards working with time series data like logs and metrics. You can use {{esql}} in multiple {{kib}} applications for querying, visualizing, and analyzing data.<br><br>[{{esql}} in Kibana](languages/esql-kibana.md) | [`_query`](https://www.elastic.co/docs/api/doc/elasticsearch/group/endpoint-esql) | | ||
| | **EQL** | Event Query Language (EQL) is a query language for event-based time series data. Data must contain the `@timestamp` field to use EQL.<br><br>[Full language reference](elasticsearch://reference/query-languages/eql.md) | Designed for the threat hunting security use case.<br><br>[EQL in Kibana](languages/eql.md) | [`_eql`](https://www.elastic.co/docs/api/doc/elasticsearch/group/endpoint-eql) | | ||
| | **Elasticsearch SQL** | Allows native, real-time SQL-like querying against {{es}} data. JDBC and ODBC drivers are available for integration with business intelligence (BI) tools.<br><br>[Full language reference](elasticsearch://reference/query-languages/sql.md) | Query {{es}} data using a familiar SQL syntax for BI and reporting.<br><br>[Elasticsearch SQL in Kibana](languages/sql.md) | [`_sql`](https://www.elastic.co/docs/api/doc/elasticsearch/group/endpoint-sql) | |
There was a problem hiding this comment.
can you use SQL in Kibana somewhere? 🤷♂️
There was a problem hiding this comment.
Yes
Yes, Elasticsearch SQL can be used in several other places within Kibana beyond Dev Tools and SQL Workbench:
Kibana Apps Supporting SQL
- Discover
Use the KQL/Lucene toggle and switch to SQL mode
Write SQL queries directly in the search bar
Results display in the familiar Discover interface with filtering capabilities- Canvas
Use SQL as a data source for Canvas workpads
Create custom visualizations with SQL queries- Lens (Limited)
Some Lens visualizations can accept SQL-generated data
Primarily through saved queries that can be referenced- Dashboard Panels
Create dashboard panels using SQL queries through Canvas elements
Use SQL-based saved searches in dashboard visualizations
There was a problem hiding this comment.
Left a comment on this issue #2563 (comment) to deal with this
| * **Searchable means that you can filter the documents for conditions.** For example, you can filter for data "within the last 7 days" or data that "contains the word {{kib}}". {{kib}} provides many ways for you to construct filters, which are also called queries or search terms. | ||
| * **Aggregatable means that you can extract summaries from matching documents.** The simplest aggregation is **count**, and it is frequently used in combination with the **date histogram**, to see count over time. The **terms** aggregation shows the most frequent values. | ||
|
|
||
| ## Querying |
There was a problem hiding this comment.
This might be out of scope, but I wonder if this section needs a little overhaul too given the focus in E&A is now Kib?
This section now feels a little disjointed:
- talks about apis instead of defining what querying means
- mixes kib and es concepts without clear separation
- api-centric — emphasizes technical endpoints over actual query capabilities
- omits how to query through kibana ui components
There was a problem hiding this comment.
Yeah we haven't made a cut yet. Instead of making this page about Kibana, I rather think it should stay as is and move once we clean this up
Co-authored-by: Liam Thompson <leemthompo@gmail.com>
Co-authored-by: Liam Thompson <leemthompo@gmail.com>
Co-authored-by: Liam Thompson <leemthompo@gmail.com>
Co-authored-by: Liam Thompson <leemthompo@gmail.com>
Yes that's intended for now. Once we have dealt with the deduplication of other language pages with the "Query languages" reference section, we can actually turn this specifically into "Query languages in Kibana". I think this needs to happen, but after some more cleanup planned with other issues. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR:
Closes: #2697
Closes: #2845